mirror of https://github.com/lightning/bolts.git synced 2024-11-19 10:00:04 +01:00
Commit Graph

986 Commits

Author SHA1 Message Date
Rusty Russell
38abac6206
BOLT 3: add a missing Otherwise, don't SHOULD "be". (#907)
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2021-09-03 08:37:48 +02:00
Bastien Teinturier
498f104fd3
Update closing_signed fee requirement (#847)
With anchor outputs, we can keep the commit tx feerate lower than the real
on-chain feerate. That means that when closing the channel, the resulting
fee will not necessarily be lower than the current commit tx fee; this
requirement doesn't make sense to be strict.

Both sides can optionally include a preferred fee range in their
`closing_signed`. This lets their peer know what fees they find acceptable
and simplifies the closing negotiation.
2021-08-31 09:08:07 +02:00
Rusty Russell
4372f9d538 BOLT 2: define channel_type, make negotiation explicit.
This is extracted from channel_upgrade (#868), but used for opening
negotiation as suggested by @roasbeef on the last spec meeting.

It's a trivial change, fully backwards compatible, but now each channel
has a channel_type, which defines its behavior, rather than an ad-hoc
set of "sticky" feature bits.  It also means both peers can *support* a
feature without endorsing it.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2021-08-31 10:02:20 +09:30
Johan T. Halseth
fdc078f845
feature: define option_zero_htlc_tx_fee (feature 22/23) (#824)
This PR adds a new feature bit to define the new and improved anchor outputs commitment format.
2021-08-30 13:50:25 -07:00
Rusty Russell
d892c318af
BOLT 7: remove 2^32 restriction from channel_update as well. (#902)
This was missed in #877

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2021-08-30 18:29:21 +02:00
Olaoluwa Osuntokun
07c7caed51
Merge pull request #887 from lightningnetwork/bolt11-test-vectors-payment-secret
Make payment secret mandatory and update Bolt 11 test vectors
2021-08-16 18:37:21 -07:00
t-bast
ec1d4dc665
Make s field mandatory in invoices 2021-08-10 17:22:23 +02:00
t-bast
42bd71d49c
Add payment secret to Bolt 11 test vectors
Update Bolt 11 test vectors to always include a payment secret.

We want to make it mandatory in invoices which would make the existing
test vectors invalid.
2021-07-19 14:41:34 +02:00
Bastien Teinturier
84213f45c0
Remove HTLC amount restriction (#877)
We previously had a restriction on HTLC amounts to avoid big losses during
the early phases of the network, but it shouldn't be necessary anymore.

As long as we honor `max_htlc_value_in_flight_msat` and implementations
provide safe defaults for that parameter, we don't need that additional
restriction.
2021-06-21 22:41:46 +02:00
Matt Corallo
bda72c8305
Concretize Output Ordering to be less confusing (#876)
* Clean up output sorting wording to be a sorted list and way more explicit
* Retitle section to not mention input ordering as we do not need it
2021-06-21 22:14:27 +02:00
Bastien Teinturier
381650c7bc
Clarify Bolt 3 htlc tx output test vectors (#852)
It was sometimes unclear where we indexed by the output or the htlc id.
This is a follow-up from discussions made in #539.
2021-06-21 22:01:47 +02:00
Rusty Russell
3508e4e85d BOLT 2: option_shutdown_anysegwit
In bitcoin 0.19.0, standardness rules are going to be relaxed to allow
future witness versions.  Once this is widely deployed, it will be safe
to accept them, smoothing use of future segwit versions.

See: https://github.com/bitcoin/bitcoin/pull/15846

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2021-05-25 06:46:27 +09:30
Olaoluwa Osuntokun
46d798e104 BOLT-03: update test vectors w/ updated HTLC tie-breaker case 2021-05-25 06:45:20 +09:30
Olaoluwa Osuntokun
e3362410ac BOLT-03: make sats portion of HTLC CLTV tie-breaker more explicit
This commit is intended to fix an ambiguity in the spec that led to a
divergence in the sorting tie breaker between implementations, that can
lead to force closed transaction in practice. BIP 69 operates on the
output level, therefore it examines the _satoshi_ amount of an output
when sorting. The spec however, references BIP 69, but states that an
"identical" HTLC output may have the same `amount_msat` value.

In the wild this led to some implementations checking the _sat_ value of
an HTLC while others checked the _msat_ value. In the scenario where an
HTLC pair has the same _sat_ value, but differing _msat_ values, then
one will fall through to the tie-breaker, while the other will sort
them according to their _msat_ values.

In this commit, we attempt to make this requirement more explicit by
removing the reference to `msat`, and more explicitly describing when an
HTLC pair is to be considered identical.
2021-05-25 06:45:20 +09:30
Matt Corallo
a9db80e49d
Merge pull request #859 from LLFourn/patch-1
per_commitment_secret must be a valid secret key
2021-04-12 20:26:12 +00:00
Rusty Russell
83980de786
BOLT 4: remove space in formatting which prevented tools/extract-formats.py (#858)
This is the only one, so I simply removed it.  We'd notice if a new field
was introduced which didn't change the output these days, but this has been
here since 2017.

Here's the difference in extract-formats.py's output:

```diff
@@ -177,6 +177,9 @@
 msgtype,final_incorrect_htlc_amount,19
 msgdata,final_incorrect_htlc_amount,incoming_htlc_amt,u64,
 msgtype,channel_disabled,UPDATE|20
+msgdata,channel_disabled,flags,u16,
+msgdata,channel_disabled,len,u16,
+msgdata,channel_disabled,channel_update,byte,len
 msgtype,expiry_too_far,21
 msgtype,invalid_onion_payload,PERM|22
 msgdata,invalid_onion_payload,type,bigsize,
```

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2021-04-08 08:54:01 +02:00
Lloyd Fournier
55ee3f406d
per_commitment_secret must be a valid secret key
See #832
2021-03-31 14:28:36 +11:00
araspitzu
b201efe054
BOLT 3: add test vectors for htlc-transactions in case where CLTV is used as tie-breaker for sorting (#539)
Add a serialized transactions test vector for the edge case of sorting htlc-timeout-tx
when there are multiple offered htlc with the same amount and preimage.

The test vector reuses previous preimages and creates a case scenario with 1 received htlc
and 2 offered, the two offered will have same scriptPubKey and redeemScript, but different CLTV value.

It is asserted the order in which the htlc transactions should be kept internally
and we assume the same order is used to construct the commitment_signed message.
This complements #491 .
2021-03-05 09:10:26 +01:00
Oliver Gugger
80c1ae1732
Bolt 11: add distinct HRP prefix for Bitcoin signet (#844)
Judging from the comment
https://github.com/bitcoin/bitcoin/pull/18267/files#r491150895 in the
Signet PR all test networks should have the same bech32_hrp prefix (even
regtest). That's why 'tb' was chosen for Signet as well.
This is not optimal for LN as invoices shouldn't be vague in
what network they were issued for.
Therefore we add the explicit prefix 'lntbs' for Signet invoices.
2021-03-02 09:16:36 +01:00
Bastien Teinturier
ba00bf8f4c
Add 2016 blocks channel funding timeout (#839)
Routing nodes have an incentive to use low fees when opening channels to
ensure their activity is economically viable.

However, when a funding transaction takes too long to confirm, the fundee
may have forgotten the channel. In that case the funder is forced to
broadcast the first commit tx to get his funds back and then open a new
channel, which is costly.

We can avoid this issue by simply knowing how long the fundee will wait,
and ensuring the funding tx confirms before that period ends. We set this
timeout to 2016 blocks (2 weeks).
2021-03-02 09:16:07 +01:00
Olaoluwa Osuntokun
946bbeb4d7
Merge pull request #849 from matheusd/onion-nonce-size
Clarify nonce size for onion cipher
2021-03-01 17:18:11 -08:00
Matheus Degiovani
ffa0a3c243
Clarify nonce size for onion cipher
Some ChaCha20 implementations' APIs support both 64- and 96-bit nonces, while
others only support a single one.

Functionally, both nonce sizes are equivalent for LN usage, since the
nonce is always zeroed. However, while evaluating spec compliance of
ChaCha20 libraries, the fact that some do not support the 8 byte nonce
variant prompted a closer investigation about the nonce requirement.

Since RFC8439 is the one linked to in the current BOLT0004 spec and that
RFC only specifies the 96-bit nonce variant, that requirement is made
more explicit by this commit.
2021-02-18 10:21:48 -03:00
benthecarman
90468030d5 Correct hint for P2WPKH 2021-02-18 16:03:15 +10:30
Bastien Teinturier
edd45ecf22
Gossip queries: sync complete is back (#826)
We previously insisted that `reply_channel_range` messages were not
overlapping: blocks content could not be split across multiple messages.

This made it possible to implicitly figure out when sync was complete, so we
re-purposed the previous `complete` field to a `full_information` field.

We now revert that change to allow blocks to be split across multiple
messages. An explicit flag is thus needed to signal that sync is complete.

Fixes #804
2021-02-15 21:37:06 +01:00
Pierre-Marie Padiou
a5d4f33467
Minor indentation fix (#846) 2021-02-15 16:33:53 +01:00
Dan Gershony
b80f8a7194
Add links to section 9 (anchor outputs) (#833) 2021-01-27 09:12:41 +01:00
Johan T. Halseth
a00418f5f9
bolt-09: reserve feature bits for option_anchors_zero_fee_htlc_tx (#828) 2021-01-04 20:40:57 +01:00
Johan T. Halseth
d0c83854de
Correct htlc witness size calculations (#815)
* BOLT#3: use 4 bytes for cltv_expiry in accepted_htlc_script
* BOLT#3: correct success_witness size
* BOLT#3: note HTLC tx weights differ a bit from actual weights
2020-12-07 21:32:29 +01:00
Antoine Riard
01b56742de
Require to claim revoked local output in its own penalty tx post-anchor (#803)
If `option_anchor_outputs` applies, the cheating node can pin spends of its
HTLC-timeout/HTLC-success outputs thanks to SIGHASH_SINGLE malleability.
Using a single penalty transaction for all revoked outputs is thus unsafe as it
could be blocked to propagate long enough for the _local node's main output_'s
relative timelock to expire and the cheating party to escape the penalty on this
output.
2020-12-07 19:52:00 +01:00
Bastien Teinturier
920e51986d
Clarify relative order of some messages after reestablish (#810)
The existing requirements were not specifying the case where both a
`commitment_signed` and `revoke_and_ack` need to be retransmitted.

This is an important case to specify because if the relative order is not
preserved, the channel will close.

Fixes #794
2020-11-23 20:14:43 +01:00
Antoine Riard
dcf6b0f359
Prevent preimage reveal collision while claiming onchain incoming HTLC (#808)
See CVE-2020-26896 for context.
2020-11-10 08:49:18 +01:00
Corné Plooy
5a86adaa77 tlvs -> tlv_stream in extract-formats.py 2020-11-09 13:10:22 -06:00
Corné Plooy
13520a0e36 tlvs -> tlv_stream substitution everywhere 2020-11-09 13:10:22 -06:00
Corné Plooy
72188227fc BOLT 4: link to BOLT 1 for tlv_payload format 2020-11-09 13:10:22 -06:00
Janus Troelsen
5afe7028f4
tools: remove broken structured.py (#812)
This script was previously used in Electrum but no more.

So since this script doesn't even parse the output of
extract-formats.py any more, just remove it.
2020-11-06 16:55:11 -08:00
Jan Xie
57e5545bbc
BOLT-05: fix typo in 'HTLC Output Handling' section 2020-11-06 16:50:24 -08:00
Antoine Riard
01f29bf9fe
Fail channel in case of high-S remote signature reception (#807)
See CVE-2020-26895 for context.
2020-11-03 09:24:42 +01:00
Conner Fromknecht
7e8c478aef BOLT07: prune if oldest channel_update is > 2 weeks old 2020-08-20 14:58:11 +09:30
t-bast
b4132ff240 fixup! Update Bolt 11 default recommendation 2020-08-20 14:57:34 +09:30
t-bast
c5693d336d Update Bolt 11 default recommendation 2020-08-20 14:57:34 +09:30
t-bast
886bf7a430 More conservative cltv_expiry_delta recommendations
Many channels use a value below 6, which is really insecure (there are
more than 2k such channels on mainnet).

While less risky, there are more than 7k channels with a value below 12.

This indicates that the spec should probably make the risks a bit more
clear to help guide node operators.
2020-08-20 14:57:34 +09:30
Olaoluwa Osuntokun
c053ce7afb
Merge pull request #688 from joostjager/anchor-outputs
Anchor outputs
2020-08-19 16:41:08 -07:00
Joost Jager
1739746afa
Anchor outputs
This commit extends the specification with a new commitment format that
adds two anchor outputs to the commitment transaction. Anchor outputs
are a safety feature that allows a channel party to unilaterally increase
the fee of the commitment transaction using CPFP and ensure timely
confirmation on the chain. There is no cooperation required from the
remote party.
2020-08-19 15:27:21 +02:00
Rusty Russell
f8ef3b4222
BOLT 11: make UPPERCASE explicit. (#677)
Explicitly mirror the BIP-173 advice for QR codes, and note the reader
requirements.

Fixes: #659
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2020-08-03 23:18:22 +02:00
Yong
50b7391a6e
Replace RFC7539 with RFC8439 (#763) 2020-08-03 22:56:00 +02:00
Corné Plooy
cc40afa88b BOLT 8: add missing MAC check in Act Three 2020-07-20 15:49:50 -05:00
Dr. Maxim Orlovsky
bdd4271101
Clarification on the occurrences of TLV records with the same type (#777)
Closes #776
2020-07-07 10:09:54 +02:00
Rusty Russell
0ac9a6c409
BOLT 3: fix definition of flip(B) in P. (#779)
It turns out everyone does `P[B / 8] ^= (1 << (P % 8))`,
which is not what the spec says to do (it implies you
would treat P as a bitstring numbered 255 to 0).

See this stackoverflow question:
	https://stackoverflow.com/questions/49928131/lightning-secret-generation-from-seed

Reported-by: Janus Troelsen @ysangkok (on Twitter)
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2020-07-07 08:58:08 +02:00
Joost Jager
bfc66e5e4a
Fixes to existing spec 2020-06-26 09:18:49 +02:00
Rusty Russell
9e8e29af9b
Complete the Fundamental Types. (#778)
* Rename all the 'varint' to 'bigsize'.

Having both is confusing; we chose the name bigsize, so use it
explicitly.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>

* BOLT 7: use `byte` instead of `u8`.

`u8` isn't a type; see BOLT #1 "Fundamental Types".

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>

* BOLT 1: promote bigsize to a Fundamental Type.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2020-05-25 22:25:46 +02:00